{
  "objects":[
    {
      "objectName":"event1",
      "comment":"ဩᚙ௵ comment on event1",
      "autoextractSearch":" (uri=\"*.php\" OR uri=\"*.py\"\nNOT (referer=null OR referer=\"-\")) ",
      "calculations":[
        {
          "owner":"event1",
          "calculationID":"93fzsv03wa7",
          "outputFields":[
            {
              "owner":"event1",
              "type":"string",
              "hidden":true,
              "fieldSearch":"new_field=* ",
              "fieldName":"new_field",
              "multivalue":false,
              "displayName":"My New Field",
              "editable":true,
              "required":true,
              "comment":""
            }
          ],
          "comment":"",
          "editable":true,
          "calculationType":"Eval",
          "expression":"if(cidrmatch(\"192.0.0.0/16\", clientip), \"local\", \"other\")"
        },
        {
          "owner":"event1",
          "calculationID":"sr3mc8o3mjr",
          "outputFields":[
            {
              "multivalue":false,
              "hidden":false,
              "fieldName":"output_from_reverse_hostname",
              "type":"ipv4",
              "owner":"event1",
              "comment":"",
              "fieldSearch":"output_from_reverse_hostname=* ",
              "editable":true,
              "lookupOutputFieldName":"reverse_hostname",
              "displayName":"\u0bf5aad",
              "required":true
            }
          ],
          "comment":"",
          "editable":true,
          "lookupName":"dnslookup",
          "inputField":"host",
          "calculationType":"Lookup",
          "lookupField":"a_lookup_field"
        },
        {
          "owner":"event1",
          "calculationID":"a5v1k82ymic",
          "outputFields":[
            {
              "owner":"event1",
              "type":"string",
              "hidden":false,
              "fieldSearch":"",
              "fieldName":"from",
              "multivalue":false,
              "displayName":"from",
              "editable":true,
              "required":false,
              "comment":""
            },
            {
              "owner":"event1",
              "type":"string",
              "hidden":false,
              "fieldSearch":"",
              "fieldName":"to",
              "multivalue":false,
              "displayName":"to",
              "editable":true,
              "required":false,
              "comment":""
            }
          ],
          "comment":"",
          "editable":true,
          "inputField":"_raw",
          "calculationType":"Rex",
          "expression":" From: (?<from>.*) To: (?<to>.*) "
        },
        {
          "owner":"event1",
          "calculationID":"pbe9bd0rp4",
          "outputFields":[
            {
              "multivalue":false,
              "hidden":false,
              "fieldName":"output_from_reverse_hostname_lon",
              "type":"number",
              "owner":"event1",
              "comment":"",
              "fieldSearch":"output_from_reverse_hostname_lon=* ",
              "editable":true,
              "lookupOutputFieldName":"lon",
              "displayName":"output_from_reverse_hostname_lon",
              "required":true
            },
            {
              "multivalue":false,
              "hidden":false,
              "fieldName":"output_from_reverse_hostname_lat",
              "type":"number",
              "owner":"event1",
              "comment":"",
              "fieldSearch":"output_from_reverse_hostname_lat=* ",
              "editable":true,
              "lookupOutputFieldName":"lat",
              "displayName":"output_from_reverse_hostname_lat",
              "required":true
            },
            {
              "multivalue":false,
              "hidden":false,
              "fieldName":"output_from_reverse_hostname_City",
              "type":"string",
              "owner":"event1",
              "comment":"",
              "fieldSearch":"output_from_reverse_hostname_City=* ",
              "editable":true,
              "lookupOutputFieldName":"City",
              "displayName":"output_from_reverse_hostname_City",
              "required":true
            },
            {
              "multivalue":false,
              "hidden":false,
              "fieldName":"output_from_reverse_hostname_Region",
              "type":"string",
              "owner":"event1",
              "comment":"",
              "fieldSearch":"output_from_reverse_hostname_Region=* ",
              "editable":true,
              "lookupOutputFieldName":"Region",
              "displayName":"output_from_reverse_hostname_Region",
              "required":true
            },
            {
              "multivalue":false,
              "hidden":false,
              "fieldName":"output_from_reverse_hostname_Country",
              "type":"string",
              "owner":"event1",
              "comment":"",
              "fieldSearch":"output_from_reverse_hostname_Country=* ",
              "editable":true,
              "lookupOutputFieldName":"Country",
              "displayName":"output_from_reverse_hostname_Country",
              "required":true
            }
          ],
          "comment":"ဩᚙ௵ comment of pbe9bd0rp4",
          "editable":true,
          "inputField":"output_from_reverse_hostname",
          "calculationType":"GeoIP"
        }
      ],
      "previewSearch":" | search (uri=\"*.php\" OR uri=\"*.py\"\nNOT (referer=null OR referer=\"-\")) | eval \"new_field\"=if(cidrmatch(\"192.0.0.0/16\", clientip), \"local\", \"other\") | lookup dnslookup a_lookup_field AS host OUTPUT reverse_hostname AS output_from_reverse_hostname | rex field=_raw \" From: (?<from>.*) To: (?<to>.*) \" max_match=1 | iplocation \"output_from_reverse_hostname\" prefix=output_from_reverse_hostname_ | search new_field=* output_from_reverse_hostname=* output_from_reverse_hostname_lon=* output_from_reverse_hostname_lat=* output_from_reverse_hostname_City=* output_from_reverse_hostname_Region=* output_from_reverse_hostname_Country=* ",
      "children":[

      ],
      "objectSearch":" | search (uri=\"*.php\" OR uri=\"*.py\"\nNOT (referer=null OR referer=\"-\")) | rename \"new_field\" AS \"event1.new_field\", \"output_from_reverse_hostname\" AS \"event1.output_from_reverse_hostname\", \"from\" AS \"event1.from\", \"to\" AS \"event1.to\", \"output_from_reverse_hostname_lon\" AS \"event1.output_from_reverse_hostname_lon\", \"output_from_reverse_hostname_lat\" AS \"event1.output_from_reverse_hostname_lat\", \"output_from_reverse_hostname_City\" AS \"event1.output_from_reverse_hostname_City\", \"output_from_reverse_hostname_Region\" AS \"event1.output_from_reverse_hostname_Region\", \"output_from_reverse_hostname_Country\" AS \"event1.output_from_reverse_hostname_Country\" | rename \"event1.new_field\" AS \"new_field\", \"event1.output_from_reverse_hostname\" AS \"output_from_reverse_hostname\", \"event1.from\" AS \"from\", \"event1.to\" AS \"to\", \"event1.output_from_reverse_hostname_lon\" AS \"output_from_reverse_hostname_lon\", \"event1.output_from_reverse_hostname_lat\" AS \"output_from_reverse_hostname_lat\", \"event1.output_from_reverse_hostname_City\" AS \"output_from_reverse_hostname_City\", \"event1.output_from_reverse_hostname_Region\" AS \"output_from_reverse_hostname_Region\", \"event1.output_from_reverse_hostname_Country\" AS \"output_from_reverse_hostname_Country\" | eval \"new_field\"=if(cidrmatch(\"192.0.0.0/16\", clientip), \"local\", \"other\") | lookup dnslookup a_lookup_field AS host OUTPUT reverse_hostname AS output_from_reverse_hostname | rex field=_raw \" From: (?<from>.*) To: (?<to>.*) \" max_match=1 | iplocation \"output_from_reverse_hostname\" prefix=output_from_reverse_hostname_ | search new_field=* output_from_reverse_hostname=* output_from_reverse_hostname_lon=* output_from_reverse_hostname_lat=* output_from_reverse_hostname_City=* output_from_reverse_hostname_Region=* output_from_reverse_hostname_Country=* | rename \"new_field\" AS \"event1.new_field\", \"output_from_reverse_hostname\" AS 
\"event1.output_from_reverse_hostname\", \"from\" AS \"event1.from\", \"to\" AS \"event1.to\", \"output_from_reverse_hostname_lon\" AS \"event1.output_from_reverse_hostname_lon\", \"output_from_reverse_hostname_lat\" AS \"event1.output_from_reverse_hostname_lat\", \"output_from_reverse_hostname_City\" AS \"event1.output_from_reverse_hostname_City\", \"output_from_reverse_hostname_Region\" AS \"event1.output_from_reverse_hostname_Region\", \"output_from_reverse_hostname_Country\" AS \"event1.output_from_reverse_hostname_Country\" | fields \"_time\", \"host\", \"source\", \"sourcetype\", \"event1.new_field\", \"event1.output_from_reverse_hostname\", \"event1.from\", \"event1.to\", \"event1.output_from_reverse_hostname_lon\", \"event1.output_from_reverse_hostname_lat\", \"event1.output_from_reverse_hostname_City\", \"event1.output_from_reverse_hostname_Region\", \"event1.output_from_reverse_hostname_Country\"",
      "constraints":[
        {
          "owner":"event1",
          "search":"uri=\"*.php\" OR uri=\"*.py\"\nNOT (referer=null OR referer=\"-\")"
        }
      ],
      "lineage":"event1",
      "tsidxNamespace":"",
      "displayName":"event1 ဩᚙ",
      "fields":[
        {
          "owner":"BaseEvent",
          "type":"timestamp",
          "hidden":false,
          "fieldSearch":"",
          "fieldName":"_time",
          "multivalue":false,
          "displayName":"_time",
          "editable":false,
          "required":false,
          "comment":""
        },
        {
          "owner":"BaseEvent",
          "type":"string",
          "hidden":false,
          "fieldSearch":"",
          "fieldName":"host",
          "multivalue":false,
          "displayName":"host",
          "editable":false,
          "required":false,
          "comment":""
        },
        {
          "owner":"BaseEvent",
          "type":"string",
          "hidden":false,
          "fieldSearch":"",
          "fieldName":"source",
          "multivalue":false,
          "displayName":"source",
          "editable":false,
          "required":false,
          "comment":""
        },
        {
          "owner":"BaseEvent",
          "type":"string",
          "hidden":false,
          "fieldSearch":"",
          "fieldName":"sourcetype",
          "multivalue":false,
          "displayName":"sourcetype",
          "editable":false,
          "required":false,
          "comment":""
        },
        {
          "owner":"event1",
          "type":"objectCount",
          "hidden":false,
          "fieldSearch":"",
          "fieldName":"event1",
          "multivalue":false,
          "displayName":"event1",
          "editable":false,
          "required":false,
          "comment":""
        }
      ],
      "parentName":"BaseEvent",
      "objectSearchNoFields":" | search (uri=\"*.php\" OR uri=\"*.py\"\nNOT (referer=null OR referer=\"-\")) | rename \"new_field\" AS \"event1.new_field\", \"output_from_reverse_hostname\" AS \"event1.output_from_reverse_hostname\", \"from\" AS \"event1.from\", \"to\" AS \"event1.to\", \"output_from_reverse_hostname_lon\" AS \"event1.output_from_reverse_hostname_lon\", \"output_from_reverse_hostname_lat\" AS \"event1.output_from_reverse_hostname_lat\", \"output_from_reverse_hostname_City\" AS \"event1.output_from_reverse_hostname_City\", \"output_from_reverse_hostname_Region\" AS \"event1.output_from_reverse_hostname_Region\", \"output_from_reverse_hostname_Country\" AS \"event1.output_from_reverse_hostname_Country\" | rename \"event1.new_field\" AS \"new_field\", \"event1.output_from_reverse_hostname\" AS \"output_from_reverse_hostname\", \"event1.from\" AS \"from\", \"event1.to\" AS \"to\", \"event1.output_from_reverse_hostname_lon\" AS \"output_from_reverse_hostname_lon\", \"event1.output_from_reverse_hostname_lat\" AS \"output_from_reverse_hostname_lat\", \"event1.output_from_reverse_hostname_City\" AS \"output_from_reverse_hostname_City\", \"event1.output_from_reverse_hostname_Region\" AS \"output_from_reverse_hostname_Region\", \"event1.output_from_reverse_hostname_Country\" AS \"output_from_reverse_hostname_Country\" | eval \"new_field\"=if(cidrmatch(\"192.0.0.0/16\", clientip), \"local\", \"other\") | lookup dnslookup a_lookup_field AS host OUTPUT reverse_hostname AS output_from_reverse_hostname | rex field=_raw \" From: (?<from>.*) To: (?<to>.*) \" max_match=1 | iplocation \"output_from_reverse_hostname\" prefix=output_from_reverse_hostname_ | search new_field=* output_from_reverse_hostname=* output_from_reverse_hostname_lon=* output_from_reverse_hostname_lat=* output_from_reverse_hostname_City=* output_from_reverse_hostname_Region=* output_from_reverse_hostname_Country=* | rename \"new_field\" AS \"event1.new_field\", \"output_from_reverse_hostname\" AS 
\"event1.output_from_reverse_hostname\", \"from\" AS \"event1.from\", \"to\" AS \"event1.to\", \"output_from_reverse_hostname_lon\" AS \"event1.output_from_reverse_hostname_lon\", \"output_from_reverse_hostname_lat\" AS \"event1.output_from_reverse_hostname_lat\", \"output_from_reverse_hostname_City\" AS \"event1.output_from_reverse_hostname_City\", \"output_from_reverse_hostname_Region\" AS \"event1.output_from_reverse_hostname_Region\", \"output_from_reverse_hostname_Country\" AS \"event1.output_from_reverse_hostname_Country\""
    }
  ],
  "displayName":"\u0bf5\u0bf1\u0bf0\u0bef - search 1",
  "objectSummary":{
    "Event-Based":1,
    "Search-Based":0,
    "Transaction-Based":0,
    "Interfaces":0,
    "Interface Implementations":0
  },
  "description":"A description",
  "objectNameList":[
    "event1"
  ]
}